000029452 - How to create a new Log Collector lockbox within an RSA Security Analytics Windows Legacy Collector

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Sep 26, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029452
Applies ToRSA Product Set: Security Analytics, NetWitness Logs & Network
SA Product/Service Type:  Windows Legacy Collector
RSA Version/Condition: 10.x, 11.x
Platform: CentOS
O/S Version: EL6, EL7

In some circumstances, it may be necessary to create a new lockbox for the Log Collector in RSA Security Analytics.  An example of this would be when Event Sources cannot be added and the user is getting the error "Can't open lockbox." 


Please note that all stored passwords for the event sources will need to be re-entered after the new lockbox is created.

  1. Login to the Windows Legacy Collector as an administrator.
  2. Make sure you can view the hidden folders in the system. 
  3. Move the files in C:\ProgramData\netwitness\ng\vault to a different directory
  4. Log in to the RSA Security Analytics UI and navigate to Administration/Admin -> Services.
  5. Select the Log Collector device and click on View -> Config.
  6. Click on the Settings tab.
  7. Leave the "Old Lockbox Password" field blank and enter a new password in the "New Lockbox Password" field.
  8. Click Apply.

User-added image
NotesTo create a new lockbox on a Local Collector refer to the knowledgebase article How to create a new Log Collector lockbox within RSA Security Analytics.